backend.ai-agent@24.9.3rc2 vulnerabilities

Backend.AI Agent

25.9.1

7 years ago

13 days ago

Known vulnerabilities in the backend.ai-agent package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Missing Authorization Affected versions of this package are vulnerable to Missing Authorization due to improper security controls. An attacker can gain unauthorized access and control over active sessions by exploiting this security oversight. How to fix Missing Authorization? There is no fixed version for `backend.ai-agent`.	[0,)
H Missing Authentication for Critical Function Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication in the registration feature. An attacker with a registered user account can create user accounts that can access private data even when registration is disabled. How to fix Missing Authentication for Critical Function? There is no fixed version for `backend.ai-agent`.	[0,)
H Improperly Implemented Security Check for Standard Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to the exposure of sensitive data in active sessions. An attacker can retrieve credentials for users on the management platform by exploiting this vulnerability. How to fix Improperly Implemented Security Check for Standard? There is no fixed version for `backend.ai-agent`.	[0,)